Uber has suffered from the next data leak. This became known on the weekend, when an attacker under the nickname Uberleak began to drain the confidential information of the company on a hacker forum, stolen from a third -party supplier Teqtivity.
as reported teqtivity, the company knows that customer data were compromised as a result of hacking. Attackers managed to access the TEQTIVITY AWS backup server, which stored data on companies that collaborate with Teqtivity. In the hands of the hackers were:
Information about the device: serial number, brand, model, technical specifications;
Information about the User: Name, Surname, Working Email address, Information about the place of work.
In addition, the dumps contained archives and source codes associated with MDM platforms that are used in Uber and Uber Eats, as well as third-party services services. And in one of the documents there were email addresses and Windows Active Directory information of more than 77,000 Uber employees. It is noted that the merged data do not contain information about Uber clients and are not part of the September dump.
Attackers acting under the pseudonym Uberleak created four topics on the theft of data at the hacker forum:
uber mdm on uberhub.uberinternal.com;
uber eats mdm;
teqtivity mdm;
tripactions mdm
In each of the topics, a member of the Lapsus $ group, which previously hacked Uber, was mentioned. However, the company denied that the notorious group was behind hacking and made it clear that the attackers failed to access uberinternal.com.